Story time!

In the late 1990s, something called ‘DHTML’ was invented. We now call it ‘AJAX’, but it’s the same thing: using JavaScript to rewrite HTML in real time. This is because the web browser is, essentially, a rich text viewer (like a copy of Microsoft Word where you can’t edit documents) with a programming language embedded (like Word’s macro system), and people were put under pressure to make web pages act more like whole applications. But it turned out that you could do funny things like post a comment that loaded new JavaScript from your own website which, for instance, replaced the login form with a new login form that sent passwords to you. This is called a cross-site scripting attack. So, because nobody thinks ahead, browser makers created a ‘solution’ called the Same Origin Policy (SOP). SOP, in a nutshell, means “it’s impossible for code running on a website to download things from a website with a different domain name”.

This is a stupid solution for many reasons: sometimes it doesn’t actually solve the problem, and it causes a bunch of other problems.

One of the problems it causes is that when somebody’s Medium publication (or Tumblr blog, or whatever) has its own domain name, suddenly every piece of JavaScript that deals with site-wide stuff (like cookies, or accounts, or whatever) stops working.

How they get around this is to make the login screen available through this other domain as well, and make everybody log in again. It’s not a duplicate account, because and and all these other things are actually not different websites — they’re just alternate domains pointing at Medium, which Medium has been instructed to treat in special ways — but you’ll have a duplicate cookie on your computer, because basically all of our infrastructure assumes that a single domain = a single owner = a single server = a single account.
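To make the two rules behind that duplicate cookie concrete, here is a small model (added here; it is not code from the post or from Medium) of how a browser decides whether two URLs share an origin and which cookies it attaches to a request. The hostnames `medium.com` and `blog.example.org` and the cookie names are placeholders standing in for the main site and a custom publication domain.

```javascript
// Added example: models the browser rules that make a custom domain a
// separate "site" from the main one, so a login cookie set on one is never
// sent to the other and the user has to log in again (a second cookie).
// Hostnames and cookie names are constructed placeholders.

// Same-origin policy compares scheme, host and port; path is ignored.
function origin(url) {
  const u = new URL(url);
  const defaultPort = u.protocol === 'https:' ? '443' : '80';
  return { scheme: u.protocol, host: u.hostname, port: u.port || defaultPort };
}

function sameOrigin(a, b) {
  const x = origin(a), y = origin(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Cookie domain matching (RFC 6265 section 5.1.3): the request host must equal
// the cookie's domain or be a subdomain of it; IP literals never match a
// domain suffix. Note that "notmedium.com" does NOT match "medium.com".
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, '');
  if (host === cookieDomain) return true;
  if (/^\d+(\.\d+){3}$/.test(host)) return false;
  return host.endsWith('.' + cookieDomain);
}

// Which cookies from a jar would accompany a request to `url`?
function cookiesFor(jar, url) {
  const host = new URL(url).hostname;
  return jar.filter(c => domainMatches(host, c.domain)).map(c => c.name);
}

// Constructed sample jar: one session cookie from logging in on the main site,
// and the duplicate created after logging in again on the custom domain.
const jar = [
  { name: 'sid_main', domain: 'medium.com' },
  { name: 'sid_custom', domain: 'blog.example.org' },
];
```

Running `cookiesFor(jar, 'https://blog.example.org/post')` yields only the custom-domain cookie, which is exactly why the main-site session is not recognised there.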

Written by

Resident hypertext crank. Author of Big and Small Computing: Trajectories for the Future of Software.
